This invention relates to integrated circuit (IC) devices such as smart cards, and to methods for using IC devices for authentication purposes. This invention may also be extended to other types of IC devices with limited memory and processing capabilities, such as smart diskettes, electronic wallets, PC cards, and the like. More particularly, the invention relates to methods for using steganographic communication to authenticate authenticatable identities.
Authentication systems are used for security purposes to verify the authenticity of one or more parties or entities during a transaction. Traditionally, authentication systems have been manual, involving personal recognition or quick verification of a party via some form of additional identification. One very familiar authentication process occurs when purchasing an item with a personal check. The sales clerk will process the check only if he/she recognizes the person writing the check or if the person presents another piece of identification (e.g., a credit card or driver""s license) to verify their authenticity as the specific person who is tendering the check.
Today, many authentication systems are electronic. A familiar electronic authentication system is a common credit card purchase. A card issuer issues a credit card to a consumer to enable the consumer to purchase items on credit. Credit cards that are primarily in use today consist of magnetic-stripe memory cards that have a single magnetic stripe (xe2x80x9cmag-stripexe2x80x9d) on one side. The magnetic stripe contains information about the card issuer, the consumer, and his/her account.
During a purchase transaction, the consumer presents the credit card to a sales clerk, who authenticates the card before finalizing the transaction. The credit card authentication process is typically performed xe2x80x9conlinexe2x80x9d. The sales clerk swipes the card through a reader, which extracts the card data from the magnetic stripe and transmits the data over a network to the card issuer (or a third party contracted to handle authentication requests). The card issuer checks to ensure that the card is still valid (i.e., has not expired), has not been revoked as being lost or stolen, and the corresponding account is below the authorized credit limit. If the authentication is successful, the card issuer returns an approval and the sales clerk completes the transaction. With conventional telecommunications and computerized processes, the entire credit card authentication process is typically handled in an acceptable length of time, such as a few seconds.
Today, there is increasing use of xe2x80x9csmart cardsxe2x80x9d in place of, or in addition to, conventional magnetic stripe cards. A xe2x80x9csmart cardxe2x80x9d is a thin card about the size of a credit card, with a built-in processor that enables the card to modify, or even create, data in response to external stimuli. The processor is a single-wafer integrated circuit (IC) which is mounted on an otherwise plastic card. For this is reason, smart cards are often referred to as one class of xe2x80x9cintegrated circuit cardsxe2x80x9d or xe2x80x9cIC cardsxe2x80x9d.
As smart card technology becomes more pervasive, it paves the way for conducting a variety of new transactions, such as electronic money, which are not available with conventional mag-stripe cards. Smart cards also open up the arena for conducting certain new xe2x80x9cofflinexe2x80x9d transactions, which do not involve validating a card with a central authority. These offline electronic transactions are typically performed without the human intervention, such as from a sales clerk.
Smart cards are equipped with authentication capabilities used to establish the identity of an entity with which it is communicating. An identity can be an individual human being, a business, a piece of computing hardware, software code, a network node, an organizational role, or an accreditation agent. Smart cards also have authorization capabilities to control access to resources stored on the cards or elsewhere. Authentication capabilities are typically in the form of a secret password or cryptographic keys. For a basic introduction of cryptography, the reader is directed to a text written by Bruce Schneier and entitled xe2x80x9cApplied Cryptography: Protocols, Algorithms, and Source Code in C,xe2x80x9d published by John Wiley and Sons with copyright 1994 (second edition 1996).
Smart cards have programs and data that are specifically dedicated to performing these authentication capabilities. These special programs and data define a natural point to attack on the authentication subsystem of a network. Many of the various physical and environmental attacks that are detected are based on identifying and carefully observing the special steps, calculations and hardware that are dedicated to performing the authentication capabilities.
One type of attack is the so-called differential power attack. This attack is directed to observing the power consumption of the smart card and ascertaining the type of processing that takes place through changes in the power that is consumed by the card. For example, when a binary multiplication operation is performed, more power is drawn from the external power supply when the multiplier is xe2x80x9c1xe2x80x9d than when the multiplier is xe2x80x9c0xe2x80x9d. Thus, by monitoring the power consumption during a time that a card is handling cryptographic material, one can ascertain what mathematical operations are taking place.
Another kind of attack is a so-called timing attack. A timing attack monitors the time that it takes to perform certain operations, e.g. it takes longer to multiply by 1 than it does to multiply by 0. Thus, if authentication times take longer, that may be an indication that there are more 1s in an authentication key than 0s.
In order to counter these types of attacks, authentication keys and protocols have become more complex. This has had an impact on the amount of special purpose software and hardware that must be used to manipulate authentication keys. Ironically, the increase in complexity may actually make a system easier to attack.
Because of the need for special processing and calculations, secret key authentication procedures typically decouple the authentication process from other normal data processing. As a result, the authentication process can be more easily identified, isolated, and subjected to an attack. Attacks such as the xe2x80x9cman in the middlexe2x80x9d attack and the replay attack are attacks on the authentication procedure and not necessarily on the authentication data. In fact, many of the weaknesses in the authentication systems are in the increasingly complex protocols that are used to conduct the authentication process and not in the explicit revealing of the key material being used.
Accordingly, this invention arose out of concerns associated with providing improved methods and systems for authenticating identities.
This invention concerns an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for authenticating identities.
The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication structures. Each identity has a unique authentication structure.
In one embodiment, each authentication structure is defined by a collection of data-handling or data processing commands. These commands are the types of commands that are normally associated with data processing that is performed by the IC device. These commands are not inherently functional to provide any authenticating capabilities. The commands can be arranged in a unique manner so that each identity becomes associated with a unique set of defined commands. Arrangements can be embodied in the particular types of commands that are selected, the order of selected commands, or both, to name just a few.
When an identity is authenticated, a dialog takes place between the IC device and the identity. The dialog contains the authentication structure for an identity. If the authentication structure matches the identity offering the structure, then the identity is authenticated. By using normal, expected commands, the fact that authentication is taking place is hidden from any observers. Thus, preferred embodiments use steganographic communicationxe2x80x94i.e. communication in which the actual message, while present and observable, is disguised, to authenticate identities.